Title: [163695] trunk/Source/_javascript_Core
Revision: 163695
Author: fpi...@apple.com
Date: 2014-02-07 22:56:12 -0800 (Fri, 07 Feb 2014)
Log Message
Don't throw away code if there is code on the worklists
https://bugs.webkit.org/show_bug.cgi?id=128443
Reviewed by Joseph Pecoraro.
If we throw away compiled code and there is code currently being JITed then the JIT
will get confused after it resumes: it will see a code block that had claimed to belong
to an executable except that it doesn't belong to any executables anymore.
* dfg/DFGWorklist.h:
(JSC::DFG::Worklist::isActive):
* heap/Heap.cpp:
(JSC::Heap::deleteAllCompiledCode):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (163694 => 163695)
--- trunk/Source/_javascript_Core/ChangeLog 2014-02-08 05:59:36 UTC (rev 163694)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-02-08 06:56:12 UTC (rev 163695)
@@ -1,5 +1,21 @@
2014-02-07 Filip Pizlo <fpi...@apple.com>
+ Don't throw away code if there is code on the worklists
+ https://bugs.webkit.org/show_bug.cgi?id=128443
+
+ Reviewed by Joseph Pecoraro.
+
+ If we throw away compiled code and there is code currently being JITed then the JIT
+ will get confused after it resumes: it will see a code block that had claimed to belong
+ to an executable except that it doesn't belong to any executables anymore.
+
+ * dfg/DFGWorklist.h:
+ (JSC::DFG::Worklist::isActive):
+ * heap/Heap.cpp:
+ (JSC::Heap::deleteAllCompiledCode):
+
+2014-02-07 Filip Pizlo <fpi...@apple.com>
+
GC should safepoint the DFG worklist in a smarter way rather than just waiting for everything to complete
https://bugs.webkit.org/show_bug.cgi?id=128297
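Review bot: the ChangeLog entry states the hazard but not the scope of the fix, which the Heap.cpp comment in this same patch describes as a hurried heuristic (skip deleteAllCompiledCode entirely whenever any worklist holds any plan) rather than a check that spares only the code blocks that are actually on a worklist. Add a sentence to the entry saying so, and a FIXME pointing at whatever follow-up is planned, so a reader of the ChangeLog does not take "Don't throw away code if there is code on the worklists" to mean that only the in-flight code is retained.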
Modified: trunk/Source/_javascript_Core/dfg/DFGWorklist.h (163694 => 163695)
--- trunk/Source/_javascript_Core/dfg/DFGWorklist.h 2014-02-08 05:59:36 UTC (rev 163694)
+++ trunk/Source/_javascript_Core/dfg/DFGWorklist.h 2014-02-08 06:56:12 UTC (rev 163695)
@@ -70,6 +70,8 @@
void suspendAllThreads();
void resumeAllThreads();
+ bool isActive() const { return !!m_plans.size(); }
+
void visitChildren(SlotVisitor&, CodeBlockSet&); // Only called on the main thread after suspending all threads.
void dump(PrintStream&) const;
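Review bot: `isActive()` reads `m_plans.size()` without stating which thread may call it or which lock must be held, while the neighbouring `visitChildren` is explicitly documented as "Only called on the main thread after suspending all threads." The new caller in Heap::deleteAllCompiledCode does not suspend the compilation threads, so either document here that an unsynchronized read is acceptable for this caller (e.g. because a stale non-zero answer only makes the caller more conservative) or take the worklist's lock inside the accessor. Style: `return !m_plans.isEmpty();` expresses the same thing without the `!!` idiom.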
Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (163694 => 163695)
--- trunk/Source/_javascript_Core/heap/Heap.cpp 2014-02-08 05:59:36 UTC (rev 163694)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp 2014-02-08 06:56:12 UTC (rev 163695)
@@ -732,6 +732,22 @@
// up deleting code that is live on the stack.
if (m_vm->entryScope)
return;
+
+ // If we have things on any worklist, then don't delete code. This is kind of
+ // a weird heuristic. It's definitely not safe to throw away code that is on
+ // the worklist. But this change was made in a hurry so we just avoid throwing
+ // away any code if there is any code on any worklist. I suspect that this
+ // might not actually be too dumb: if there is code on worklists then that
+ // means that we are running some hot JS code right now. Maybe causing
+ // recompilations isn't a good idea.
+#if ENABLE(DFG_JIT)
+ for (unsigned i = DFG::numberOfWorklists(); i--;) {
+ if (DFG::Worklist* worklist = DFG::worklistForIndexOrNull(i)) {
+ if (worklist->isActive())
+ return;
+ }
+ }
+#endif // ENABLE(DFG_JIT)
for (ExecutableBase* current = m_compiledCode.head(); current; current = current->next()) {
if (!current->isFunctionExecutable())
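Review bot: the guard is process-wide rather than per-VM: `DFG::numberOfWorklists()` and `DFG::worklistForIndexOrNull(i)` are global accessors that take no `m_vm` argument, so a plan queued by any VM in the process stops this Heap from deleting its own compiled code, even though the hazard the comment describes only involves plans that belong to `m_vm`. If the worklist can be asked whether it holds a plan for a given VM, check that instead; if not, say in the comment that the suppression is deliberately global. Two smaller points: the admission that the change was "made in a hurry" should be a FIXME with the follow-up bug so it gets revisited rather than fossilized, and the comment should state why the window between this check and the deletion loop that follows is safe (for instance, that plans are only ever enqueued from the thread running this function), since "definitely not safe" followed by an unlocked check otherwise reads as a race.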
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes